Top Tips Of Far Out CAP Training

Exam Code: CAP
Exam Name: ISC2 CAP Certified Authorization Professional
Certification Provider: ISC2

Free CAP practice questions:

NEW QUESTION 1
You are the project manager of the GHY Project for your company. You have completed the risk response planning with your project team. You now need to update the WBS. Why would the project manager need to update the WBS after the risk response planning process? Choose the best answer.

  • A. Because of risks associated with work packages
  • B. Because of work that was omitted during the WBS creation
  • C. Because of risk responses that are now activities
  • D. Because of new work generated by the risk responses

Answer: D

NEW QUESTION 2
Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?

  • A. DITSCAP
  • B. NIACAP
  • C. NSA-IAM
  • D. ASSET

Answer: B

NEW QUESTION 3
Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

  • A. FITSAF
  • B. TCSEC
  • C. FIPS
  • D. SSAA

Answer: B

NEW QUESTION 4
Which of the following individuals is responsible for the final accreditation decision?

  • A. Information System Owner
  • B. Certification Agent
  • C. User Representative
  • D. Risk Executive

Answer: A

NEW QUESTION 5
Ben is the project manager of the YHT Project for his company. Alice, one of his team members, is confused about when project risks will happen in the project. Which one of the following statements is the most accurate about when project risk happens?

  • A. Project risk can happen at any moment.
  • B. Project risk is uncertain, so no one can predict when the event will happen.
  • C. Project risk happens throughout the project execution.
  • D. Project risk is always in the future.

Answer: D

NEW QUESTION 6
You work as a project manager for BlueWell Inc. Your project is running late and you must respond to the risk. Which risk response can you choose that will also cause you to update the human resource management plan?

  • A. Fast tracking the project
  • B. Teaming agreements
  • C. Transference
  • D. Crashing the project

Answer: D

NEW QUESTION 7
Which of the following statements about Discretionary Access Control List (DACL) is true?

  • A. It is a rule list containing access control entries.
  • B. It specifies whether an audit activity should be performed when an object attempts to access a resource.
  • C. It is a unique number that identifies a user, group, and computer account.
  • D. It is a list containing user accounts, groups, and computers that are allowed (or denied) access to the object.

Answer: D

NEW QUESTION 8
To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criterion, which of the following controls are intended to prevent an incident from occurring?

  • A. Adaptive controls
  • B. Preventive controls
  • C. Detective controls
  • D. Corrective controls

Answer: B

NEW QUESTION 9
You are the project manager of a large construction project. Part of the project involves the wiring of the electricity in the building your project is creating. You and the project team determine the electrical work is too dangerous to perform yourselves, so you hire an electrician to perform the work for the project. This is an example of what type of risk response?

  • A. Transference
  • B. Mitigation
  • C. Avoidance
  • D. Acceptance

Answer: A

NEW QUESTION 10
Fill in the blank with an appropriate word.
________ ensures that the information is not disclosed to unauthorized persons or processes.

  • A. Confidentiality

Answer: A

NEW QUESTION 11
Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

  • A. Authenticity
  • B. Confidentiality
  • C. Availability
  • D. Integrity

Answer: B

NEW QUESTION 12
There are seven risk responses that a project manager can choose from. Which risk response is appropriate for both positive and negative risk events?

  • A. Acceptance
  • B. Mitigation
  • C. Sharing
  • D. Transference

Answer: A

NEW QUESTION 13
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. Information Assurance Manager
  • B. Designated Approving Authority
  • C. IS program manager
  • D. User representative
  • E. Certification agent

Answer: BCDE

NEW QUESTION 14
David is the project manager of HGF project for his company. David, the project team, and several key stakeholders have completed risk identification and are ready to move into qualitative risk analysis. Tracy, a project team member, does not understand why they need to complete qualitative risk analysis. Which one of the following is the best explanation for completing qualitative risk analysis?

  • A. It is a rapid and cost-effective means of establishing priorities for the plan risk responses and lays the foundation for quantitative analysis.
  • B. It is a cost-effective means of establishing probability and impact for the project risks.
  • C. Qualitative risk analysis helps segment the project risks, create a risk breakdown structure, and create fast and accurate risk responses.
  • D. All risks must pass through quantitative risk analysis before qualitative risk analysis.

Answer: A

NEW QUESTION 15
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation?
Each correct answer represents a complete solution. Choose two.

  • A. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
  • B. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  • C. Certification is the official management decision given by a senior agency official to authorize operation of an information system.
  • D. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.

Answer: AD

NEW QUESTION 16
Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?

  • A. Safeguards
  • B. Preventive controls
  • C. Detective controls
  • D. Corrective controls

Answer: D

NEW QUESTION 17
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

  • A. Business continuity plan
  • B. Continuity of Operations Plan
  • C. Disaster recovery plan
  • D. Contingency plan

Answer: D
